Forum Discussion

Nimbostratus

Mar 30, 2021

Cookie Does Not Contain The "secure" Attribute on ltm vip

Our security team reported that multiple vulnerabilities has been detected on one of VIP: 1.2.3.4 (on BIG-IP LTM v12.1.2 version.) Please refer the list as below 1.Cookie Does Not Contain The...

application delivery

ASM Advanced WAF

F5 Distributed Cloud WAAP

MVP

Mar 31, 2021

Hi,

If you don't use cookie persistence profile, you need to configure the BIG-IP ASM to use secure and HttpOnly cookie flag.

Check in your ASM Policy configuration, Security ›› Application Security : Headers : Cookies List ›› Edit Cookie

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Cookie Does Not Contain The "secure" Attribute on ltm vip

Recent Discussions

Creating Policy using Terraform

Alert Mail when virtual server down trubleshooting

How to disable RC4 Cipher on SSL

Big-IQ + LetsEncrypt wildcard

DEVICE-0202 Error while adding rSeries as a provider in CM

Related Content

F5 Partner Solution Showcase - "ImmuniWeb - Application Security Testing and Remediation"

How I did it - "Securing Nvidia Triton Inference Server with NGINX Plus Ingress Controller”

LockBit, Pwc2Own, AI, "Othello is solved" Oct30th to Nov5th, 2023 F5 SIRT This Week in Security

Missing TABs in "Application Security" BIG-IP 17.1.1.3 - BIG-IP 15.1.7

Add SameSite attribute to APM Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS